Merge "Support systemd unit management during node join"
This commit is contained in:
commit
ed56213244
|
@ -8,11 +8,45 @@ metadata:
|
||||||
layer: site
|
layer: site
|
||||||
storagePolicy: cleartext
|
storagePolicy: cleartext
|
||||||
data:
|
data:
|
||||||
|
systemd_units:
|
||||||
|
kube-cgroup:
|
||||||
|
enable: true
|
||||||
files:
|
files:
|
||||||
- path: /opt/kubernetes/bin/kubelet
|
- path: /opt/kubernetes/bin/kubelet
|
||||||
tar_url: https://dl.k8s.io/v1.10.2/kubernetes-node-linux-amd64.tar.gz
|
tar_url: https://dl.k8s.io/v1.10.2/kubernetes-node-linux-amd64.tar.gz
|
||||||
tar_path: kubernetes/node/bin/kubelet
|
tar_path: kubernetes/node/bin/kubelet
|
||||||
mode: 0555
|
mode: 0555
|
||||||
|
- path: /etc/systemd/system/kube-cgroup.service
|
||||||
|
content: |
|
||||||
|
[Unit]
|
||||||
|
Description=Create and tune cgroup for Kubernetes Pods
|
||||||
|
Requires=network-online.target
|
||||||
|
Before=kubelet.service
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
Delegate=yes
|
||||||
|
ExecStart=/usr/local/sbin/kube-cgroup.sh
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
RequiredBy=kubelet.service
|
||||||
|
mode: 0444
|
||||||
|
- path: /usr/local/sbin/kube-cgroup.sh
|
||||||
|
mode: 0744
|
||||||
|
content: |-
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
set -x
|
||||||
|
|
||||||
|
KUBE_CGROUP=${KUBE_CGROUP:-"kube_whitelist"}
|
||||||
|
SYSTEMD_ABSPATH="/sys/fs/cgroup/systemd/$KUBE_CGROUP"
|
||||||
|
CPUSET_ABSPATH="/sys/fs/cgroup/cpuset/$KUBE_CGROUP"
|
||||||
|
CPU_ABSPATH="/sys/fs/cgroup/cpu/$KUBE_CGROUP"
|
||||||
|
MEM_ABSPATH="/sys/fs/cgroup/memory/$KUBE_CGROUP"
|
||||||
|
|
||||||
|
for cg in $SYSTEMD_ABSPATH $CPUSET_ABSPATH $CPU_ABSPATH $MEM_ABSPATH
|
||||||
|
do
|
||||||
|
mkdir -p "$cg"
|
||||||
|
done
|
||||||
- path: /etc/logrotate.d/json-logrotate
|
- path: /etc/logrotate.d/json-logrotate
|
||||||
mode: 0444
|
mode: 0444
|
||||||
content: |-
|
content: |-
|
||||||
|
|
|
@ -18,6 +18,7 @@ data:
|
||||||
- --anonymous-auth=false
|
- --anonymous-auth=false
|
||||||
- --feature-gates=PodShareProcessNamespace=true
|
- --feature-gates=PodShareProcessNamespace=true
|
||||||
- --v=3
|
- --v=3
|
||||||
|
- --cgroup-root=/kube_whitelist
|
||||||
images:
|
images:
|
||||||
pause: gcr.io/google_containers/pause-amd64:3.0
|
pause: gcr.io/google_containers/pause-amd64:3.0
|
||||||
...
|
...
|
||||||
|
|
|
@ -169,6 +169,51 @@ class Configuration:
|
||||||
if value:
|
if value:
|
||||||
return value
|
return value
|
||||||
|
|
||||||
|
@property
|
||||||
|
def enable_units(self):
|
||||||
|
""" Get systemd unit names where enable is ``true``."""
|
||||||
|
return self.get_units_by_action('enable')
|
||||||
|
|
||||||
|
@property
|
||||||
|
def start_units(self):
|
||||||
|
""" Get systemd unit names where start is ``true``."""
|
||||||
|
return self.get_units_by_action('start')
|
||||||
|
|
||||||
|
@property
|
||||||
|
def stop_units(self):
|
||||||
|
""" Get systemd unit names where stop is ``true``."""
|
||||||
|
return self.get_units_by_action('stop')
|
||||||
|
|
||||||
|
@property
|
||||||
|
def disable_units(self):
|
||||||
|
""" Get systemd unit names where disable is ``true``."""
|
||||||
|
return self.get_units_by_action('disable')
|
||||||
|
|
||||||
|
def get_units_by_action(self, action):
|
||||||
|
""" Select systemd unit names by ``action``
|
||||||
|
|
||||||
|
Get all units that are ``true`` for ``action``.
|
||||||
|
"""
|
||||||
|
return [
|
||||||
|
k for k, v in self.systemd_units.items() if v.get(action, False)
|
||||||
|
]
|
||||||
|
|
||||||
|
@property
|
||||||
|
def systemd_units(self):
|
||||||
|
""" Return a dictionary of systemd units to be managed during join.
|
||||||
|
|
||||||
|
The dictionary key is the systemd unit name, each will have a four
|
||||||
|
boolean keys: ``enable``, ``disable``, ``start``, ``stop`` on the
|
||||||
|
actions to be taken at the end of genesis/node join. The steps
|
||||||
|
are ordered: enable, start, stop, disable.
|
||||||
|
"""
|
||||||
|
all_units = {}
|
||||||
|
|
||||||
|
for document in self.iterate(kind='HostSystem'):
|
||||||
|
all_units.update(document['data'].get('systemd_units', {}))
|
||||||
|
|
||||||
|
return all_units
|
||||||
|
|
||||||
@property
|
@property
|
||||||
def join_ips(self):
|
def join_ips(self):
|
||||||
maybe_ips = self.get_path('KubernetesNode:join_ips')
|
maybe_ips = self.get_path('KubernetesNode:join_ips')
|
||||||
|
|
|
@ -11,6 +11,18 @@ data:
|
||||||
abs_path:
|
abs_path:
|
||||||
type: string
|
type: string
|
||||||
pattern: '^/.+$'
|
pattern: '^/.+$'
|
||||||
|
systemd_unit:
|
||||||
|
type: object
|
||||||
|
properties:
|
||||||
|
enable:
|
||||||
|
type: boolean
|
||||||
|
disable:
|
||||||
|
type: boolean
|
||||||
|
start:
|
||||||
|
type: boolean
|
||||||
|
stop:
|
||||||
|
type: boolean
|
||||||
|
additionalProperties: false
|
||||||
apt_source_line:
|
apt_source_line:
|
||||||
type: string
|
type: string
|
||||||
# XXX add regex
|
# XXX add regex
|
||||||
|
@ -27,7 +39,6 @@ data:
|
||||||
$ref: '#/definitions/url'
|
$ref: '#/definitions/url'
|
||||||
tar_path:
|
tar_path:
|
||||||
$ref: '#/definitions/rel_path'
|
$ref: '#/definitions/rel_path'
|
||||||
|
|
||||||
requried:
|
requried:
|
||||||
- mode
|
- mode
|
||||||
- path
|
- path
|
||||||
|
@ -68,6 +79,10 @@ data:
|
||||||
type: object
|
type: object
|
||||||
items:
|
items:
|
||||||
$ref: '#/definitions/file'
|
$ref: '#/definitions/file'
|
||||||
|
systemd_units:
|
||||||
|
type: object
|
||||||
|
additionalProperties:
|
||||||
|
$ref: '#/definitions/systemd_unit'
|
||||||
images:
|
images:
|
||||||
type: object
|
type: object
|
||||||
properties:
|
properties:
|
||||||
|
|
|
@ -105,6 +105,13 @@ log
|
||||||
log === Starting Docker and Kubelet ===
|
log === Starting Docker and Kubelet ===
|
||||||
set -x
|
set -x
|
||||||
systemctl daemon-reload
|
systemctl daemon-reload
|
||||||
|
|
||||||
|
{% for a in ['enable','start','stop','disable'] %}
|
||||||
|
{% for u in config.get_units_by_action(a) %}
|
||||||
|
systemctl {{ a }} {{ u }}
|
||||||
|
{% endfor %}
|
||||||
|
{% endfor %}
|
||||||
|
|
||||||
systemctl restart docker || true
|
systemctl restart docker || true
|
||||||
systemctl enable kubelet
|
systemctl enable kubelet
|
||||||
systemctl restart kubelet
|
systemctl restart kubelet
|
||||||
|
|
Loading…
Reference in New Issue